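// GET: api/AccessCaApi/GetAll
/// <summary>
/// Acquires an On-Behalf-Of (OBO) access token for <c>caResourceIdScope</c> on behalf of the
/// signed-in user and uses it to call the downstream <c>/api/CallGraph</c> endpoint.
/// </summary>
/// <returns>The list of strings returned by the downstream API (an empty list if the body deserializes to null).</returns>
/// <exception cref="HttpResponseException">
/// 401 when the incoming token has no scope claim or the claim does not contain <c>access_as_user</c>;
/// 403 (after a WWW-Authenticate challenge has been written to the current response) when MSAL
/// reports that user interaction is required, e.g. an unsatisfied Conditional Access policy.
/// </exception>
/// <exception cref="InvalidOperationException">Token acquisition completed without yielding an access token.</exception>
/// <exception cref="HttpRequestException">The downstream call did not return 200 OK.</exception>
public async Task<List<string>> GetAll()
{
    // Authorization gate: the caller's own token must carry the access_as_user scope.
    // NOTE(review): ContainsAny is a project helper whose semantics are not visible here; if it is a
    // substring match rather than a whole-token match on the space-separated scope list, confirm
    // that is intended (e.g. a scope such as "access_as_user.read" would also pass).
    var scopeClaim = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/scope");
    if (scopeClaim == null || !scopeClaim.Value.ContainsAny("access_as_user"))
    {
        throw new HttpResponseException(new HttpResponseMessage
        {
            StatusCode = HttpStatusCode.Unauthorized,
            ReasonPhrase = "The Scope claim does not contain 'access_as_user' or scope claim not found"
        });
    }

    _tokenAcquisition = new TokenAcquisition(new AuthenticationConfig());

    // Single attempt, no retry. The previous do/while never looped (its retry flag was never set to
    // true and the counter was never incremented), so it is written out as straight-line code. If a
    // transient-error retry is wanted, add it deliberately here.
    AuthenticationResult result;
    try
    {
        result = await _tokenAcquisition.GetUserTokenOnBehalfOfAsync(caResourceIdScope);
    }
    catch (MsalUiRequiredException ex)
    {
        // Interaction (consent / Conditional Access) is needed: hand the claims challenge back to the
        // client in a WWW-Authenticate header and fail this request with 403.
        await _tokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeaderAsync(caResourceIdScope, ex, HttpContext.Current.Response);
        throw new HttpResponseException(new HttpResponseMessage { StatusCode = HttpStatusCode.Forbidden });
    }

    // Fail explicitly rather than with a NullReferenceException on result.AccessToken below.
    if (result == null || string.IsNullOrEmpty(result.AccessToken))
    {
        throw new InvalidOperationException("On-Behalf-Of token acquisition returned no access token.");
    }

    // Attach the per-user OBO token to this request only. Writing it to _httpClient.DefaultRequestHeaders
    // would make one user's bearer token the default for every later request sent through a shared client,
    // and DefaultRequestHeaders is not safe to mutate concurrently.
    using (var request = new HttpRequestMessage(HttpMethod.Get, _TodoListDownstreamBaseAddress + "/api/CallGraph"))
    {
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);

        using (HttpResponseMessage response = await _httpClient.SendAsync(request))
        {
            if (response == null)
            {
                throw new HttpRequestException("No HttpResponseMessage was returned by the downstream call.");
            }
            if (response.StatusCode != HttpStatusCode.OK)
            {
                throw new HttpRequestException($"Invalid status code in the HttpResponseMessage: {response.StatusCode}.");
            }

            // Await the body instead of blocking with .Result, which can deadlock under a synchronization context.
            string content = await response.Content.ReadAsStringAsync();
            return JsonConvert.DeserializeObject<List<string>>(content) ?? new List<string>();
        }
    }
}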
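// GET: api/ConditionalAccess
/// <summary>
/// Checks that the signed-in user's token carries the <c>access_as_user</c> scope and that an
/// On-Behalf-Of (OBO) token for <c>caResourceIdScope</c> can be acquired, i.e. that any Conditional
/// Access policy on that resource is satisfied. The acquired token is not used to call anything.
/// </summary>
/// <returns><c>"protected API successfully called"</c> when the OBO token was acquired.</returns>
/// <exception cref="HttpResponseException">
/// 401 when the incoming token has no scope claim or the claim does not contain <c>access_as_user</c>;
/// 403 (after a WWW-Authenticate challenge has been written to the current response) when MSAL
/// reports that user interaction is required, e.g. an unsatisfied Conditional Access policy.
/// </exception>
public async Task<string> Get()
{
    // Authorization gate: the caller's own token must carry the access_as_user scope.
    // NOTE(review): ContainsAny is a project helper whose semantics are not visible here; if it is a
    // substring match rather than a whole-token match on the space-separated scope list, confirm
    // that is intended.
    var scopeClaim = ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/scope");
    if (scopeClaim == null || !scopeClaim.Value.ContainsAny("access_as_user"))
    {
        throw new HttpResponseException(new HttpResponseMessage
        {
            StatusCode = HttpStatusCode.Unauthorized,
            ReasonPhrase = "The Scope claim does not contain 'access_as_user' or scope claim not found"
        });
    }

    _tokenAcquisition = new TokenAcquisition(new AuthenticationConfig());

    // Single attempt, no retry. The previous do/while could never loop: the try returned and the catch
    // threw, and its retry flag was never set to true, so the loop and the unused result variable are gone.
    try
    {
        // Acquiring the OBO token is the check itself; the token is intentionally not used further here.
        await _tokenAcquisition.GetUserTokenOnBehalfOfAsync(caResourceIdScope);
        return "protected API successfully called";
    }
    catch (MsalUiRequiredException ex)
    {
        // Interaction (consent / Conditional Access) is needed: hand the claims challenge back to the
        // client in a WWW-Authenticate header and fail this request with 403.
        await _tokenAcquisition.ReplyForbiddenWithWwwAuthenticateHeaderAsync(caResourceIdScope, ex, HttpContext.Current.Response);
        throw new HttpResponseException(new HttpResponseMessage { StatusCode = HttpStatusCode.Forbidden });
    }

    /*
     * To use the acquired token to call a Conditional-Access protected downstream Web API with OBO,
     * attach it to a per-request HttpRequestMessage (not to a shared client's DefaultRequestHeaders):
     *
     *   AuthenticationResult result = await _tokenAcquisition.GetUserTokenOnBehalfOfAsync(caResourceIdScope);
     *   var request = new HttpRequestMessage(HttpMethod.Get, WebAPI2HttpEndpoint /* App ID URI + "/endpoint" *\/);
     *   request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", result.AccessToken);
     *   HttpResponseMessage response = await httpClient.SendAsync(request);
     */
}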